DRUPAL-CORE-2019-001

See a problem?

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/core/DRUPAL-CORE-2019-001.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CORE-2019-001

Aliases

Published

2019-01-16T17:17:11Z

Modified

2025-12-10T23:40:59.245360Z

Summary

[none]

Details

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.

References

https://www.drupal.org/sa-core-2019-001

Credits

- Ayesh Karunaratne
- - https://www.drupal.org/user/796148
- farisv
- - https://www.drupal.org/u/farisv

Affected packages

Packagist / drupal/core

Package

Name: drupal/core
Purl: pkg:composer/drupal/core

Affected ranges

Type

ECOSYSTEM

Events

Introduced

8.0.0

Fixed

8.5.9

Database specific

{
    "constraint": ">= 8.0.0 <8.5.9"
}

Type

ECOSYSTEM

Events

Introduced

8.6.0

Fixed

8.6.6

Database specific

{
    "constraint": ">=8.6.0 <8.6.6"
}

Affected versions

8.*

8.0.0

8.0.1

8.0.2

8.0.3

8.0.4

8.0.5

8.0.6

8.1.0-beta1

8.1.0-beta2

8.1.0-rc1

8.1.0

8.1.1

8.1.2

8.1.3

8.1.4

8.1.5

8.1.6

8.1.7

8.1.8

8.1.9

8.1.10

8.2.0-beta1

8.2.0-beta2

8.2.0-beta3

8.2.0-rc1

8.2.0-rc2

8.2.0

8.2.1

8.2.2

8.2.3

8.2.4

8.2.5

8.2.6

8.2.7

8.2.8

8.3.0-alpha1

8.3.0-beta1

8.3.0-rc1

8.3.0-rc2

8.3.0

8.3.1

8.3.2

8.3.3

8.3.4

8.3.5

8.3.6

8.3.7

8.3.8

8.3.9

8.4.0-alpha1

8.4.0-beta1

8.4.0-rc1

8.4.0-rc2

8.4.0

8.4.1

8.4.2

8.4.3

8.4.4

8.4.5

8.4.6

8.4.7

8.4.8

8.5.0-alpha1

8.5.0-beta1

8.5.0-rc1

8.5.0

8.5.1

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.7

8.5.8

8.6.0

8.6.1

8.6.2

8.6.3

8.6.4

8.6.5

Database specific

affected_versions

">=7.0 <7.62 || >= 8.0.0 <8.5.9 || >=8.6.0 <8.6.6"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/core/DRUPAL-CORE-2019-001.json"